- Sep 18, 2022
-
-
Evangelos Foutras authored
Seems ansible-lint thinks a task calling the unqualified user module is "not valid under any of the given schemas (schema[tasks])".
-
Evangelos Foutras authored
Not sure why this is needed but whatever.
https://github.com/ansible/schemas/discussions/227 -
Evangelos Foutras authored
-
Evangelos Foutras authored
Prevents the following lint failure: jinja: You need to install "jmespath" prior to running json_query filter (jinja[invalid])
-
Evangelos Foutras authored
-
Evangelos Foutras authored
-
Kristian Klausen authored
The service was enabled in arch-boxes to account for "hardware clock is not in UTC, but instead UTC+X"[1], in our case the (VM) hardware clock is in UTC and we therfor don't need the slow systemd-time-wait-sync service (+30 seconds). [1] arch-boxes@e23d3c57
-
Kristian Klausen authored
arch_boxes_sync: Pull the artifacts from GitLab's package registry See merge request !580
-
Kristian Klausen authored
-
Kristian Klausen authored
Fixes: 2e799bd1 ("arch_boxes_sync: Create predictable symlinks for latest image files")
-
Kristian Klausen authored
arch-boxes has decided to use GitLab's package registry instead of job artifacts[1]. [1] arch-boxes@d04c8274
-
Kristian Klausen authored
Fixes: 2e799bd1 ("arch_boxes_sync: Create predictable symlinks for latest image files")
-
Kristian Klausen authored
mailman3: allow everyone to post to the arch-wiki-admins mailing list See merge request !629
-
nl6720 authored
The mailing list is used for non-public communication with users, so everyone needs be able to post to it. It is also the assigned email address of the ArchWiki user "WikiSysop". See https://wiki.archlinux.org/title/ArchWiki:Maintenance_Team#Who,_when_and_how_to_contact
-
Kristian Klausen authored
tf/keycloak: Add openid client for buildbot See merge request !623
-
Kristian Klausen authored
The buildbot POC wants to use Keycloak for user authentication. The client is public, because it doesn't make sense to have a client secret, which can't be kept under wrap anyway (it would need to be shipped with the CLI[1]). [1] https://gitlab.archlinux.org/foxboron/buildctl
-
Kristian Klausen authored
From time to time aurweb is failing with "Too many open files" errors[1], this could indicate a bug in aurweb or perhaps the limit is just too low. Let's try doubling the limit and see if it helps. [1] https://gitlab.archlinux.org/archlinux/aurweb-errors/-/issues/275
-
- Sep 17, 2022
-
-
Kristian Klausen authored
The code isn't vulnerable to nginx alias traversal[1][2], nevertheless it should only match /static/ and not e.g. /staticfoobar. [1] d94f18a7 ("Fix nginx alias traversal") [2] https://github.com/yandex/gixy/blob/641060d6355fbb5bd71695928a2bf14a9bcb8bf2/docs/en/plugins/aliastraversal.md Fixes: 9294828f ("Setup mailman3 server")
-
Kristian Klausen authored
Whoosh is used by default, but it is slow at indexing (multiple hours for just aur-requests) and searching e.g. aur-requests isn't possible (it is slow and uses 3G+ of memory resulting in it getting OOM-killed). Xapian indexed everything in just 76 minutes and searching aur-requests now works and is plenty fast. Co-authored-by:
Evangelos Foutras <evangelos@foutrelis.com>
-
Evangelos Foutras authored
This avoids triggering a GitLab push rule which rejects files that look like secrets.
-
- Sep 16, 2022
-
-
Kristian Klausen authored
Add GPG master and signing key for Renovate and arch-boxes See merge request !579
-
Kristian Klausen authored
The key is used for signing the releases, so the users can be sure the images on the mirrors haven't been modified. arch-boxes has been tweaked to use the key in this MR[1]. [1] arch-boxes!176
-
Kristian Klausen authored
Renovate is a tool for: "Automated dependency updates. Multi-platform and multi-language."[1]. We require all commits pushed directly to official projects to be signed, so a master key and signing key have been generated for Renovate. Both keys are stored in renovate.asc and Renovate only has access to the signing key. [1] https://github.com/renovatebot/renovate
-
Evangelos Foutras authored
syncriscv: add role for mirroring the RISC-V port See merge request !625
-
Evangelos Foutras authored
Going to be served by all our Geo boxes under riscv.mirror.pkgbuild.com.
-
Evangelos Foutras authored
Fixes: 578b7819 ("Capitalize the handler name in handler invocations") Fixes: 26f289b7 ("Capitalize the first letter of all task names")
-
Kristian Klausen authored
All lists have been migrated to mailman3[1] and mailman3 is what users should use, so show its interface by default and not the mailman2 interface. [1] 75ac7d09 ("mailman: Fourth and final batch of mailman3 migrated lists")
-
- Sep 15, 2022
-
-
Kristian Klausen authored
Fixes: 4d8dfb6a ("mailman: Third batch of mailman3 migrated lists")
-
Kristian Klausen authored
arch-general aur-general aur-requests It has been decided not to migrate the following unlisted and unused lists: arch-magazine arch-notifications arch-test mailman
-
Evangelos Foutras authored
Fixes: 92586d5b ("change(aurweb): rework ansible config for 6.0.0")
-
- Sep 14, 2022
-
-
Leonidas Spyropoulos authored
aurweb: bump to v6.1.4 See merge request !626
-
Leonidas Spyropoulos authored
Required for poetry 1.2 until #1917 is fixed https://github.com/python-poetry/poetry/issues/1917 Signed-off-by:
Leonidas Spyropoulos <artafinde@archlinux.org>
-
Leonidas Spyropoulos authored
Signed-off-by:
Leonidas Spyropoulos <artafinde@archlinux.org>
-
Evangelos Foutras authored
-
Jan Alexander Steffens (heftig) authored
-
Jan Alexander Steffens (heftig) authored
-
- Sep 12, 2022
-
-
Kristian Klausen authored
The default (40KB) isn't enough for all patches. Fixes: 4d8dfb6a ("mailman: Third batch of mailman3 migrated lists")
-
Kristian Klausen authored
gitlab_runner: try to protect the VM runner kernel from the root user See merge request !617
-
nl6720 authored
Enable kernel lockdown in confidentiality mode to restrict how the root user can interact with the kernel. See https://wiki.archlinux.org/title/Security#Kernel_lockdown_mode and https://man.archlinux.org/man/kernel_lockdown.7 This could prevent a scenario where a malicious kernel module or access to some interface that kernel lockdown prevents, would allow or assist in escaping the KVM. It is not very likely as there needs to be an exploitable vulnerability in the hypervisor. To make it more secure, the host too would need to enable kernel lockdown. In the end this may only give some sense of security, but, as we all know, that's all that matters anyway.
-
- Sep 11, 2022
-
-
Kristian Klausen authored
arch-commits arch-security aur-dev pacman-contrib pacman-dev
-